All Politics is now Global

Updated: A million German routers knocked offline by failed Mirai botnet attack

Nearly a million customers of telecoms company Deutsche Telekom AG began experiencing network outages, possibly due to hacker sabotage.

Deutsche Telekom said that an outage of service to nearly one million customers over the weekend was possibly a botched attempt to capture a massive botnet.

Deutsche Telekom’s head of IT security Thomas Tschersich, speaking to German newspaper Der Tagesspiegel, blamed the outages that hit 900,000 customers over the 26 November weekend on hackers who tried and failed to recruit those customers’ routers into a botnet.

Earlier reports that the attack was using Mirai have been called into question by security researcher Ken Munro from Pen Test Partners. Speaking to SCMagazineUK.com, he said that the attack vector didn’t appear to be related to hard-coded credentials but was instead an exploit. Routers are notorious for poor security, he said, with hundreds of models containing vulnerabilities that have been known about for years.

Munro has warned repeatedly over the years about the possibility of assembling a botnet from vulnerable routers.

The outages began in mid-afternoon on Sunday 27 November, gaining in intensity over the next few hours and then easing off before peaking again on Monday. Software updates pushed to the routers were taking effect by Monday, the company said, which helped reduce the number of affected customers to around 400,000.

Reuters reported that several of its sources within the German security services also believe this to be the work of hackers.

Deutsche Telekom provides its customers with a router called Speedport, which is a badge that covers a range of more than a dozen models, mostly from Asia. Firmware updates were being pushed out to three of these models, all made by Taiwan’s Arcadyan Technology.

DT said it will be reviewing its relationship with Arcadyan following the attack.